CoreOS takes its Clair container security tool out of beta

CoreOS announced the first preview of Clair, a tool that scans Docker containers for security vulnerabilities, last November. Today, with the launch of Clair 1.0, it is ready to take the beta label off the service.

Given that developers often rely on pre-packaged containers — or regularly recycle the same ones — ensuring that the software included in them is safe to run is only going to get more important. And this isn’t even about malware, but simply about out-of-date packages inside these containers with known security vulnerabilities that a hacker could exploit.

CoreOS’s own research, based on the containers in its Quay container registry, shows that about 70 percent of the vulnerabilities it detected could be fixed by simply upgrading the packages in the container.

“Updating to the latest versions of installed software improves overall infrastructure security, which is why we deemed it important to analyze container images for security vulnerabilities as well as provide a clear path to updates mediating those issues that Clair uncovers,” the company argues. “Container images are often infrequently updated, but with Clair security scanning, users can identify and update problematic images more easily.”

CoreOS says it has made a number of changes to the tool since it first announced it. These include making the whole service more extensible and improving its REST API, for example, and Clair 1.0 also provides users with more details about each of the detected vulnerabilities.
